Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
[ Merge of http://go/wvgerrit/116944 ]
This change is the last part of a three part change for restructing
the root of trust used by the reference implementation.
OEM Certificates are now managed by the root of trust of the crypto
engine. Previously, OEM certs where handled separately on a session
by session basis.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I6cf1fa3fade28baad85b5fce57a8eab6f2ed17c1
[ Merge of http://go/wvgerrit/115551 ]
This change is the second part of a three part change for restructing
the root of trust used by the reference implementation.
The use of RSA_shared_ptr has been replaced with the standard library
std::shared_ptr using the RsaPrivateKey wrapper class. The
AuthenticationRoot class now uses this for the built-in DRM cert key.
RSA decryption and signature operations within the session context are
now performed the RsaPrivateKey class. This has reduced the code size
and complexity within the reference and testbed, focusing their
implementation on key policy and less on mechanics.
Bug: 168544740
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: Ic743a529a9858f3182290d8bcf5e1633737b005b
[ Merge of http://go/wvgerrit/115550 ]
This change is the first part of a three part change for restructing
the root of trust used by the reference implementation.
The API of the AuthenticationRoot class has been updated to reflect
the OEMCrypto functions that relate to the root of trust. This
involves changing the keybox and DRM Cert methods and adding in new
stubs for OEM Certificates.
The WvKeybox now uses a RAII-like interface to ensure that keyboxes
are provisioned correctly or not at all.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I3f2baf29c1022e1806b6196fa6650d761785c626
The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch. This changes copies several CLs.
[ Merge of http://go/wvgerrit/104524 ]
OEMCrypto unittest: generic crypto APIs
Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.
[ Merge of http://go/wvgerrit/106583 ]
Fix secure buffer tests in OEMCrypto testbed
The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.
[ Merge of http://go/wvgerrit/109603 ]
Reject block_offsets of 16 or greater in OEC Ref
This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.
[ Merge of http://go/wvgerrit/110165 ]
Fix Format String Signedness
See above for full description.
[ Merge of http://go/wvgerrit/111784 ]
Fix heap overflow test in L3 and OEMCrypto ref
Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.
[ Merge of http://go/wvgerrit/113563 ]
Reword "blacklisted" to "forbidden"
[ Merge of http://go/wvgerrit/113583 ]
Use error code from RAND_bytes
The return code from RAND_bytes was not used correctly.
[ Merge of http://go/wvgerrit/113644 ]
Check for buffer overflow when computing subsample size
The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.
[ Merge of http://go/wvgerrit/113683 ]
OEMCrypto reference code: respect analog flags for clear buffers
The reference code should honor the analog_display_active flag for
both clear and secure buffers.
[ Merge of http://go/wvgerrit/114883 ]
Add size check for IV in OEMCrypto APIs
IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.
Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
[ Merge of http://go/wvgerrit/115549 ]
Our WV CRC-32 implementation is for CRC-32/MPEG-2 (rather than the
documented CRC-32-IEEE). The OEMCrypto document has been updated to
reflect the reference implementation.
Test: oemcrypto_partner_tests
Bug: 135283522
Change-Id: Iea8fc4ec500aec96bdb27102c51dfcca77d7bffb
[ Merge of http://go/wvgerrit/115548 ]
Create a small set of unittests to verify the functionality of OEM
Certificate.
This adds a test OEM Public Certificate and OEM Private Key.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: Iaa634543d9cb5005d91f1e7c528bf05b2b0c4d68
[ Merge of http://go/wvgerrit/115547 ]
The functionality of OEM Certificates are being abstracted away. This
is to help with the integration of ECC-based DRM certificates and in
preparation for ECC-based OEM Certificates.
Summary of OEM Certificate functionality:
- Parsing OEM Public Certs (PKCS7 signedData)
- Parsing OEM Private Key (PKCS8 PrivateKey)
- Public cert getter
- Implements most of OEMCrypto_GetOEMPublicCertificate()
- Certificate validation
- Implements most of OEMCrypto_IsKeyboxOrOEMCertValid() for OEM
Certificates
- Checking public-private key pairing
Bug: 135283522
Test: Future CL
Change-Id: Ib9580bd83641865c53dd829ff09b142bf111768c
[ Merge of http://go/wvgerrit/115546 ]
Included a set of unittests for RSA keys which ensure client-server
RSA operations work as expected.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I8363a82403d0780f3074a05c64c804e700c2b779
[ Merge of http://go/wvgerrit/115545 ]
This change wraps the RSA key in a public and private key class that is
similar to how ECC keys are wrapped.
This new wrapper replaces deprecated OpenSSL/BoringSSL RSA signing and
signature verification API and uses the generic key digest context for
RSASSA-PSS signatures.
Bug: 135283522
Test: Future CL
Change-Id: Ifff649a3abcca127cc539f937c429c7da8acdcc6
[ Merge of http://go/wvgerrit/114284 ]
The unittests check that the ECC keys are being created as expected
and that they can perform their basic operations.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I1bdb26421ba47e1ab135f5ce5a54da304627a7c3
[ Merge of http://go/wvgerrit/113750 ]
This introduces two classes EccPublicKey and EccPrivateKey which
perform all ECC-specific crypto operations. The main operations
required by ECC are:
- Load/serialize keys from/to X.509 DER formats
- Generate ECC signatures
- Verify ECC signatures
- Derive session keys used by other OEMCrypto operations
These new classes still need to be plugged into rest of the reference
OEMCrypto implementation.
Bug: 135283522
Test: Future CL
Change-Id: Id071cad9129f95a6eb08662322154ba7d1548d40
(This is a merge of the parts of http://go/wvgerrit/105985 that affect
Android.)
This patch fixes some files that, after recent changes, were no longer
building when using OpenSSL instead of BoringSSL. <memory> was missing
in a header, and a function whose return type is different on OpenSSL
was tripping up the format-string warnings.
Bug: 168553979
Test: jenkins/ce_cdm_tests
Test: Android CDM Build
Change-Id: Id6a33d0ce0d3cbe5fe33b3f22aa3ee6b03ac76dd
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
[ Merge of http://go/wvgerrit/105025 ]
Clang and GCC allow for warnings against the arguments for printf-like
functions (e.i. LOGx). These validate that the format type specified
in the format string match the corresponding argument type.
Most of the time, format specifer errors are benign; hence why they
haven't been seen as an error so far. However, with the enabling of
specifier warnings and the enabling of warnings as errors on certain
platforms, these existing errors need to be addressed.
This CL enables format specifier warnings for most of the Widevine
code, with the OEMCrypto L3 implementation which has a single error
which requires a fix in the haystack code before being fixed in the
Widevine branch.
Strict format string warnings are not enabled for non-LP64 systems.
Bug: 137583127
Test: Compiled for Linux and Android
Change-Id: I051398332d31a20457b86563a90ad8f6d428445f
Merge from Widevine repo of http://go/wvgerrit/101905
The reference OEMCrypto should not be built as part of Android.
Test: Builds
Bug: 146361995
Change-Id: Ic25e6e567fcac519636f64dabc0d59b3df78990e
Merge from Widevine repo of http://go/wvgerrit/100110
The unit test TimeRollbackPrevention was broken for several
reasons. This CL reduces the test to its most basic functionality and
updates it to be compatible with a v16 oemcrypto.
This CL also adjusts the fake clock used by the buildbot to fake
sleeping backwards, so that the TimeRollbackPrevention test can also
be run on the buildbot.
Bug: 155773482
Bug: 79422351
Test: unit tests on buildbot, and on flame w/v16 modmock
Change-Id: I3027018b17b738281989e63ae6b0729757217d05
Merge from Widevine repo of http://go/wvgerrit/100385
The map now contains unique_ptr instead of raw pointers
to ensure the memory is released.
Bug: 156780432 OEMCrypto Fuzzing: Fix OEMCrypto Memory Leak.
Test: oemcrypto reference code only
Change-Id: I78054f9207399f052d6e4bfdfa96824f6e050bac
Merge from Widevine repo of http://go/wvgerrit/96843
This CL modifies the system time used by the reference OEMCrypto so
that it recovers from a clock rollback. When the clock rolls back, it
now adjusts the current time and continues forward. This is needed
when running unit tests on some platforms that reset the clock at
the beginning of a test.
Bug: 152649427
Test: unit tests on buildbot. (No production code on Android)
Change-Id: I7edcdc0cd4e5938c9a54e745d3a0e008f9eb13ed
Merge from Widevine repo of http://go/wvgerrit/96783
This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.
Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6
Merge from Widevine repo of http://go/wvgerrit/96508
This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.
I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
(This is a merge of http://go/wvgerrit/96226.)
This patch does a number of different things in order to re-enable the
CDM to use OpenSSL 1.1.0+ out of the box, instead of just BoringSSL:
* To support https://cryptography.io/, BoringSSL has reimplemented just
enough of the OpenSSL PKCS7 API that we can fulfill our purposes with
code that works on either library. This patch replaces code in
privacy_crypto_boringssl.cpp and oec_session_util.cpp that was only
compatible with BoringSSL with code that also works in OpenSSL.
* Replaces code in oec_session_util.cpp that used the deprecated OpenSSL
1.0.0 API with OpenSSL 1.1.0-compatible code. This code previously
worked on BoringSSL because they have not yet removed the OpenSSL
1.0.0 functions, even though they also implemented the 1.1.0 API.
* Replaces openssl/mem.h (which does not work in OpenSSL 1.1.0 and
higher) with openssl/crypto.h. (which works in all OpenSSL and
BoringSSL releases) This does not require any function code changes.
* The OID-comparison code in privacy_crypto_boringssl.cpp was using
BoringSSL-exclusive functions to convert OBJ-format OIDs to text.
Conversion functions that work on either library exist. However, the
new code uses a different technique instead, pre-converting the
passed-in OID to OBJ format. This allows it to be compared to the
certificate directly, avoiding converting every certificate extension
OID to text.
* Allows the selection of "openssl" as the privacy_crypto_impl and adds
a variable to configure OpenSSL. More will follow in future patches
as more configurations of OpenSSL are supported.
Bug: 140053043
Test: CE CDM Unit Tests
Test: CE CDM Unit Tests w/ the x86-64 Platform Reconfigured to OpenSSL
Test: Android Unit Tests
Change-Id: I57cebbbfb59e0bcab85b589b98fb9ffd18885415
Merge from Widevine repo of http://go/wvgerrit/95945
The reference oemcrypto and testbed still use old style pointers, even
though we now require a more modern C++ compiler. Updated a few places
where smart pointer would be appropriate.
Bug: 141393616
Test: Ran unit tests
Change-Id: I8b1e155bce241075928e373478d6f8e1001233f9
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/93505 ]
During the merge process there were a few CL comments (ag/10122083)
that were not able to be addressed. Most changes in the CL are
spelling / grammar corrections.
Bug: 148907684
Bug: 141247171
Test: CDM unit tests
Change-Id: I9a8648525bbe5ed319521ebf01741a958ab69ae2
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I53757b813fe2984261a3bde963cac1886523dfdf
Merge from Widevine repo of http://go/wvgerrit/79243
Modify failures for LoadKeyWithSuspiciousIV and SelectKeyNotThereAPI15
This turns on some unit tests that were disabled for Q release.
Merge from Widevine repo of http://go/wvgerrit/77948
Mod Mock: Dump entitlement keys - this allows some logging when
running in a test environment.
Merge from Widevine repo of http://go/wvgerrit/75763
Refactor OEMCrypto Decrypt Tests
This CL refactors the oemcyrpto decryption tests. A bunch of boiler
plate code was moved to a common test setup. Also, buffer handling
was streamlined so that it will be easier to use these test with
secure output buffers.
Bug: 131281966
Bug: 129432708
Test: unit tests
Change-Id: Iebf62611a16e0a4def9c4daed1c6cdf12686ba74
Merge from Widevine repo of http://go/wvgerrit/77609
For v15.2 we require that nonces not collide across sessions and there are
restrictions placed on the mac key's IV in LoadKeys.
Test: ran unit tests on reference code
Bug: 131325434
Bug: 131326334
Change-Id: I1bb01c30d8c15d66d762c28b57d7700c44daa835
Merge from Widevine repo of http://go/wvgerrit/78144
This CL verifies that LoadKeys cannot be called twice a second time in
an OEMCrypto session.
Bug: 131359743
Test: unit tests on refernce code and taimen
Change-Id: I3da1c7639ed163799ee5996fd9f7f8b427c7ed30
Merge from Widevine repo of http://go/wvgerrit/72392
This adds the ability of the reference code to set the maximum output
buffer size error discussed in the Recoverable Errors section of
http://go/wvdelta15
Bug: http://b/120572363 Add Recoverable Errors (mod mock)
Change-Id: I688caca22929e29b3548c3f7d1df5de5bd37bfa1
Merge from Widevine repo of http://go/wvgerrit/72388
The unreleased oemcrypto test code has been modifed to keep a
singleton for the life of the process. In order to do that, several
functions in the reference code have been made virtual, and some
initialization and termination has been moved from the constructor and
destructor to Initialize and Terminate.
Bug: http://b/120572363 Add Recoverable Errors (mod mock)
Test: unit tests
Change-Id: I300559195567a537c0700167514be0ea42363695
Merge from Widevine repo of http://go/wvgerrit/72386
This CL changes reference and testbed OEMCyrpto only.
Updates the logging of the key control block for testing by adding new
bits to log and cleaning up the format.
Also, update access to entitlement keys so that they can also have
their key control block logged in tests.
Test: reference and test code only.
Bug: http://b/113594182 Full Decrypt Path Testing - Top Level
Bug: http://b/68648263 Log Key Control Block
Change-Id: I259d6f29eceb9f097640aa50f43443e308797f69
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
[ Merge of http://go/wvgerrit/70203 ]
The earlier property_get() method had a limitation on property length.
Properties of some new devices exceed that length. An error message
is returned rather than a truncated string. Replace its use with
android::base::GetProperty() which does not have a length limitation.
Bug: 115358798
Test: WV unit/integration tests
Change-Id: I46ce9a7e77bcd031225d0082f83c57d484fe5405
Bug: b/119881112
Merge of http://go/wvgerrit/68983
Test: Android + Linux tests for ref and L3
This CL removes tests from OEMCrypto that test shared license
functionality and code in the ref and L3 that handle shared licenses.
Change-Id: Ia11510d8db3fa6e471a4ebbdb371fd76b0812984
Merge from Widevine repo of http://go/wvgerrit/68464
The Full Decrypt Path Testing design has changed to remove
OEMCrypto_InitializeDecryptHash. This CL updates the unit tests and
reference code.
Bug: 120795057
Test: unit tests
Change-Id: Iee28fa9034dc21cee81c5b894c192e260375eeee
